Join Sean Martin as he speaks with TK Keanini from DNSFilter at Black Hat USA 2024, exploring how DNSFilter's innovative approach to leveraging the Domain Name System (DNS) is making the internet safer by blocking billions of harmful requests daily. Learn about the simplicity of setting up this crucial cybersecurity tool and its broad applicability, from personal devices to global business networks.
During Black Hat USA 2024 in Las Vegas, Sean Martin engages in a Brand Story conversation with TK Keanini from DNSFilter to explore the pivotal role DNSFilter plays in safeguarding networks around the world. DNSFilter operates by leveraging the Domain Name System (DNS), an essential component of the internet. As TK Keanini shares, the company's primary mission is to filter out malicious traffic and allow legitimate traffic to pass through, thereby providing an effective layer of security that is both accessible and user-friendly.
The applicability of DNSFilter spans globally, reflecting the nature of cyber threats, which are not confined by geographic borders. One critical aspect discussed is DNSFilter's ability to manage approximately 130 billion DNS requests daily, blocking between three to four billion potentially harmful requests. This impressive scale underscores the importance of DNSFilter in preventing cyberattacks and protecting users from inadvertently accessing malicious sites.
From coffee shops to large enterprises, the relevance and ease of deploying DNSFilter stand out. For businesses, the practical uses of DNSFilter are numerous.
Keanini explains that the technology is effortless to set up and can be integrated directly into various levels of IT infrastructure, including Wi-Fi routers in coffee shops and public Wi-Fi in retail settings. This straightforward setup enables even those with minimal technical expertise to implement robust cybersecurity measures easily.
The conversation also highlights DNSFilter's effectiveness in addressing global issues, such as Child Sexual Abuse Material (CSAM), reinforcing the company's commitment to making the internet safer for everyone. The firm’s blocking capabilities are not limited to phishing and ransomware; they extend to other harmful content categories, ensuring comprehensive protection.
Moreover, for Chief Information Security Officers (CISOs) and organizations with established cybersecurity programs, DNSFilter offers an invaluable addition to their security suite. With DNSFilter, policies can be set with a single click, streamlining the process for schools, businesses, and managed service providers alike. Keanini points out that this level of usability ensures that even those without extensive cybersecurity experience can effectively manage and implement necessary protections.
Additionally, Keanini emphasizes the importance of DNSFilter's role in protecting everyday users on public Wi-Fi networks and its affordability for public-use scenarios. DNSFilter's technology integrates smoothly into existing security frameworks, providing peace of mind to users and IT administrators that their networks are secure. For individuals and organizations looking to enhance their online security, DNSFilter presents a compelling solution. With its easy setup, global reach, and comprehensive protection against a wide range of cyber threats, DNSFilter stands as a vital tool in the arsenal of modern cybersecurity solutions.
Learn more about DNSFilter: https://itspm.ag/dnsfilter-1g0f
Note: This story contains promotional content. Learn more.
Guest: TK Keanini, CTO, DNSFilter [@DNSFilter]
On LinkedIn | https://www.linkedin.com/in/tkkeaninipub/
Resources
Learn more and catch more stories from DNSFilter: https://www.itspmagazine.com/directory/dnsfilter
View all of our Black Hat USA 2024 coverage: https://www.itspmagazine.com/black-hat-usa-2024-hacker-summer-camp-2024-event-coverage-in-las-vegas
Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story
Blocking Billions to Secure the Internet | A Brand Story Conversation From Black Hat USA 2024 | A DNSfilter Story with TK Keanini | On Location Coverage with Sean Martin and Marco Ciappelli
Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.
_________________________________________
Sean Martin: [00:00:00] All right, here we are. We're coming to you from black cat USA, 2024 hacker suburb camp in Las Vegas, where lots of cool technologies come to life and hopefully organizations learn how to protect.
Their business from all the things that are coming at them from all different angles. And today I'm thrilled to have TK Kiani with me from DNSfilter. TK, how are you?
TK Keanini: Very good, thanks.
Sean Martin: It's good to have you on the show. And, uh, I think some good energy. I was down at the booth earlier today and some good traffic there.
Hopefully some good conversations.
TK Keanini: Yeah, it was really crowded. Um, a lot of people interested in, in solutions. Thanks.
Sean Martin: And you're, you're at the front line of a lot of what's going on. Definitely. In terms of, uh, network traffic, anyway, internet traffic. So tell me a little bit, uh, to kind of set the stage, what DNSfilter does.
TK Keanini: So DNSfilter is a cyber security company that, um, le, [00:01:00] leverages the domain name system, DNS, which is fundamental to the internet, to, um, to, to filter. Basically, um, we let through the good. We filter out the bad and uh, we've designed a product that basically is usable by basically anyone. You don't really need to be an expert.
Um, we operate globally. Um, this is something also important to us because attackers operate globally. Um, yesterday I pulled some stats. We, we saw about 130 billion DNS requests.
Sean Martin: Wow, with a B.
TK Keanini: Yeah, B. Uh huh. And we blocked about 3. 6 billion. It hovers between three billion, four billion that we block. Now, what you have to think about, when we block, that means we, we save somebody from getting hacked.
Right? And that really feels good. I mean, it might have been a personal friend, grandmother, auntie, uncle. These are not security experts. But they clicked on something bad, and we helped them out. And that [00:02:00] feels good. I
Sean Martin: It's a good, it's a good mission to have to protect the world, uh, the world's transactions and, and, and their experience online.
So how does what you do connect to business here? Cause we're obviously at a business event. Yeah. Um, do you, do you work with. Do you work with customers who have businesses or do you work with customers that have customers that they're also trying to protect? What's, what's the scope of what you offer?
TK Keanini: It's really all over the map. It's so easy to set up that, you know, we actually might be using it on the Wi Fi here. I, you know, and we don't know it. Until again, until you get a block page that said, you know, we just saved you from, uh. It's very likely here that a block page would come up. Yeah, especially here.
But, you know, coffee shops, hospitality, hotels, airports. Um, everybody runs our, our thing. I mean, this is actually why we see 130 billion requests per day. And this is globally, right? Um, the, the technology sits so [00:03:00] fundamental in the Internet stack that it, it actually, um, here, let me walk through the life cycle.
So you, so you click on a webpage, a link, maybe it's an email. The first thing that happens is the domain name system has to translate that name into an address. And we're essentially a filter for that. So if you go to an address that we know is bad, we'll block you. If not, we'll stay out of the way. Right.
Sean Martin: And so, organizations have to choose to use you. Where do you sit in the spectrum of the internet?
TK Keanini: Right. So, um, it's usually where you connect to the service provider. It actually might be on your laptop, in the case of the mobile user. Right. So, um, In the case of a coffee shop, it might be that Wi Fi router that's sitting there.
In the case of a, maybe a retail organization, it might be their public Wi Fi. That, and all of those things, when, when that whole community that [00:04:00] sits on that network is having to connect to something external or really internal, um, DNS is involved because it has to be translated to a, a number for the computer to know where to go, like a name translation to an address.
And when you go to that address, we've already done the categorization to know whether that's a, in the case of threat, it might be a phishing site. It might be, um, it might be something not related to threats. So let me point this out. Um, there are things that are globally bad, like, uh, vulnerable websites that want to hack you.
There are things that are globally bad just for the human race. Like, uh, CSAM stands for Child Sexual Abuse Material. This is just bad. It's a bad category, and frankly, I wish we didn't see any of it. But, you know, we've seen that whole, uh, websites that [00:05:00] do that grow maybe by 4x in the past year. Now, okay, this is a category.
We should block it, right? Because this is related to sex trafficking and bad things.
Sean Martin: So, who's, who's using DNS filter for that then? Is it law enforcement? Is it, uh,
TK Keanini: First and foremost, it is just your common everyday user. And, and again, like, if you're on a public Wi Fi, you're, you think you're anonymous, you're going to want to use that type of, uh, site to do your business, whatever it is.
You, you might use a public Wi Fi to even hack another, um, site. we, because we sit so fundamental in that stack, we can offer public wifi, uh, a level of security. That's frankly affordable. It's fast and it's effective. I mean, that's really where we sit. So like when I, when I, you know, make the claim that we're trying to make a safer internet for everyone, there is, there is a lot of people involved in that.
There might [00:06:00] be a managed service provider that, uh, that company uses it. They might, they might buy us direct. They just go to our website, click on the thing, you know, configure two parameters, they're off and running. Like, like your home network. Right. It would take you about six clicks to set it up and you'd be all set.
Sean Martin: Okay. And do you, so do you actually sell to consumers as well?
TK Keanini: Yeah. Okay.
Sean Martin: That's great. I didn't realize the, the scope of, I mean, you're, you're saying it, but I've just never clicked the scope of what you do. Yeah. Is there, that's um, That's phenomenal. So let's take, let's take this environment for example.
We don't know if you're running here or not, but certainly there's a lot of activity on this network. Um, that's probably not with ill intent, let's say, right? Either for research purposes or whatever. Um, what kind of scenarios might we encounter here that, that you might be protecting? [00:07:00]
TK Keanini: Let's see, probably the most classic would be, you know, if they're, when I say we, we kind of play our part in the larger whole, um, because DNS, um, is part of your protection.
There might be something also doing network detection and response. There might be something on the endpoint doing protection, but let's take a scenario. Let's say that, um, a, uh, a person here were to hack the wifi. And get in the middle of your traffic.
Sean Martin: And so man in the middle for, does that cover email as well?
Or just web traffic? Yeah. I guess it's webbing.
TK Keanini: Well, yeah. And, and basically your next action is to, to click on something that they're going to try and, um, you know, steal your password or whatever it is, the credential. Now, at some point in time, they're probably going to have to, uh, reach out to what is called their command and control servers.
Uh, they're bot. Um, where they get their global power [00:08:00] and, and those are going to be blocked by us. So somewhere within that kill chain, uh, DNS will play a vital role and in, in the protection. And I make that point because, you know, I think we're past the days where you can just do detection. No, nobody needs a longer list of things to fix, just fix it.
So yeah, I think protection is really the game these days. Thanks.
Sean Martin: So for. For an organization, what, how, let's talk to the CISOs here. Do, I presume most CISOs recognize what DNS does, of course, and, and the value that you bring. Do you find that, that programs today take into account what you have to offer, or are there still gaps?
TK Keanini: I think so. I think so. Um, for an organization that already has their role open, For a chief information security officer, you're talking about different, yeah, you're talking about somebody who already has a program, they already have a budget, they, um, [00:09:00] they consider DNS protection one of many of their suite, so yeah, there's, there's not really an awareness issue there, it's just, you know, does the solution fit their purpose?
Not only does it fit monetarily, does it fit operationally? Does it have the right adjacency to the other products in their suite? There's a lot to consider as a CISO.
Sean Martin: And then so if we move to smaller, perhaps less mature organizations where they don't have security leader, let alone, maybe not even a security team.
Um, they might rely on an IT provider that may or may not provide security services. What's, what's kind of the awareness at that level? Um,
TK Keanini: There, I think, you know, the, the really barrier to entry is, um, the ability to actually be effective without 10 years of experience. You know, I mean, I, I want to be as [00:10:00] effective as any music streaming, uh, service or, or YouTube, you know, anybody can use it at maybe any age.
And, and really that just comes down to, um, design, you know, you have to design, um, As a product that is going to, um, not require that level of expertise.
Sean Martin: So talk to me about the onboarding. Um, let's go to the, the user. Yeah. Individual user and also somebody who might be running a network. How do you, how do you get down there?
TK Keanini: So maybe two scenarios. Okay. Let's say, let's take a, a site centric scenario. So you're setting up a home network. And you fire up your Wi Fi, and at some point in time, your Wi Fi is going to ask for an IP address for the DNS server. You just point it to us. You're done.
Sean Martin: And typically the ISP [00:11:00] provides that, and you're just swapping it to yours?
TK Keanini: Yep, that's exactly right. Yep.
Sean Martin: And then do they have to provide you with the ISP?
TK Keanini: Yep. Nope. Nope. We do all the global resolution. Okay. Yeah, and, and it doesn't matter where you are in the world either. So, um, so that, that's, you know, that's basically one scenario. Let's call that site centric.
Sean Martin: Okay.
TK Keanini: The other one is, is maybe, uh, endpoint centric.
Let's say that, you know, you, you have a, just a five, you have a laptop, you have an iPad, you have an iPhone. You just need to, um, protect those things. And let's say you move around a lot. Again, you go to the thing that says DNS, you change the address. Again, you know, you have to come to the website and click on buy a package.
Um, but yeah, you point it to address and you're off and running. So, again, the setup time is next to nothing. And frankly, it's just really informative, you know. Half the time, what we're really good at, frankly, is, It's what [00:12:00] leading the threat category, no matter whether you're doing phishing or you're trying to, you know, do ransomware, DNS is involved because there's some form of deception, you know, whether they're playing on your emotion or the acuteness of the situation, maybe, you know, it's the election, maybe it's Christmas, you know, you're, you're, you see something that you have to take advantage of right now, and it's high emotion, like, Oh my God, I need that.
You're going to click on the link. I don't care. You know, we're humans and and that, that's a category of deception that I think is only going to get more severe, particularly with generative AI. So I, my thing is the only way you can combat that is, is to enhance your human abilities with DNS filter comes in.
Sean Martin: And it has to be at a global level, as you described.
TK Keanini: Yes, absolutely.
Sean Martin: So I love those two scenarios, and, and, [00:13:00] I mean, talk about simple. Yeah. And talk about fundamental. I think, for years I've struggled with why can't we solve the fishing ransomware problem, if we can just get in the way of the command and control where they're doing all this stuff from.
TK Keanini: Right.
Sean Martin: We actually have a chance.
TK Keanini: Right. And I'm very pragmatic here. It shouldn't, if you can set up your phone or your home network to be on the internet, then you possess the skills already to use us. Like if I go beyond that, then I'm outside of the scope. Right. So that's really the bar for us.
Sean Martin: I love it.
And for, for somebody who's interested. Maybe a security team in an organization or an MSSP who's managing an organization's security program. What types of things do you do to ensure that you have the [00:14:00] insights for what is real, what's not in terms of a threat? Yeah,
TK Keanini: I think that's also very pragmatic.
You know, for the CISO, they're going to want to know stats. They're going to want to make it easy to implement policy. You know, like for, for schools, it's really important for them to just click a button and say, uh, the policy is you shouldn't be able to go to any website that, uh, is self harm. Okay, that's their policy.
Now, do they want to do the work of categorizing the world's websites? No, right? Right. But when they buy us, they get that. It's one click of the button. So, again, for the policy makers
Sean Martin: So you do the categories and the policies. Okay.
TK Keanini: Yeah. Yeah, like I mentioned, CSAM is just a pure category, you know, pornography, uh, mark, you know, it might be car sales and whatever their policy is.
There's just a ton of policies in there one click away. So, and we manage that. So as things get added, uh, removed, that's all just within [00:15:00] that set. Um, and then again, you know, let's take another scenario. Let's say it's an incident responder. Let's say that, um, you want to, something has happened and you want to see Uh, what DNS, uh, domains this particular laptop has seen in the last 30 days.
That, that, that's another real scenario that's of value. Right? You're looking through a general ledger now. And you're going to find out, oh wow, it actually happened on the 4th of this month, not the 5th.
Sean Martin: So it's a, uh, history tracking for an, uh, I presume it's an IP address or a MAC address that you're.
TK Keanini: It's the DNS call. Like, they, they went to www. simware. com.
Sean Martin: How do you map it to the caller?
TK Keanini: The client, the client, the client that the, the mobile user installs. Okay. Yeah. Got it.
Sean Martin: Yeah, because one of the things I was curious about is, um, [00:16:00] because it's so simple and, and it, essentially you set it and forget it for the most part.
Um, at some point you might want to know that you're doing what you're doing. Yeah, it's being effective. Right? Yeah, exactly.
TK Keanini: How many sites did we block? Right. Uh, and which, and who, who went to those sites? Yeah. Um, yeah, all of those things are very table stakes for the offering.
Sean Martin: And then another point I want to make, and you can reinforce it, is it, it's automatic.
So we're not, we're not creating an alert here that somebody has to chase down to see if it's real or not. That's right. And then make some, some response decision. So the MTT D and MTTR is effectively one and the same and immediate.
TK Keanini: It's at machine scale. It'll probably happen in less than 10 milliseconds.
Sean Martin: Yeah. It's phenomenal. It's phenomenal. Well TK, it's been great chatting with you. I don't know if there's something we didn't touch on that you want to share with folks?
TK Keanini: No, we [00:17:00] covered a lot of ground. You know, DNSfilter. com. You can buy the basic package, the pro package, and the enterprise package. Perfect.
Most of the small businesses go with basic or pro.
Sean Martin: And you have a good channel program. A lot of partners?
TK Keanini: Yeah, a lot of ours. Uh, again, you know, particularly if they're going to mid. To, to larger customers. They're selling us within a suite.
Sean Martin: Okay.
TK Keanini: Yep.
Sean Martin: Perfect. Well, I'll leave it with that and, uh, a call to have everybody connect with TK.
Please do. And, uh, meet the, meet the DNS filter team and, and get that first line of defense in place.
TK Keanini: Fantastic. Thank you.
Sean Martin: Thank you. And thanks everybody for listening. Hope you enjoy this, uh, brand story with, uh, TK and the DNS filter. And stay tuned for more.